Enacted in the aftermath of Watergate, the Privacy Act of 1974 was a landmark check on federal power. It gave Americans the right to access and amend certain government records about themselves and limited disclosure of personal information held in federal agency records.
But half a century later, its protections no longer match the scale of modern data collection. The law applies to federal agencies, and its coverage turns on records maintained in a system retrievable by a personal identifier, which leaves important gaps in today’s world of data brokers, contractors, biometric systems, and increasingly AI-driven analysis. Congress did add the Computer Matching and Privacy Protection Act of 1988 but the statute has not been comprehensively modernized for contemporary surveillance and data-sharing practices.
That gap matters because agencies now share information across systems at a scale the original law never contemplated. The result is a statute that still symbolizes transparency and restraint, but often delivers less practical protection than Americans deserve.
If we believe government power should be bound by clear rules, the answer is not to expand bureaucracy, but instead impose real limits on it. A modern privacy regime should preserve accountability, narrow indiscriminate data collection, and protect liberty without placing new burdens on private enterprise.
;
